Elinor Mills interviews cryptographer and consultant Bruce Schneier, who “pokes fun at National Cyber Security Month, talks about his background in crypto and working for the U.S. Defense Department, and says he fears privacy invasion more from marketers than governments or criminals.”

In an e-mail Q&A, he responds:

Don’t people care about their privacy?
Schneier: Of course they do. Survey after survey demonstrates this. What you really want to know is why, if people care about their privacy, do they continue to give up their privacy in return for what seems to be so little? The answer to that question is complicated, and psychologists are not studying it sufficiently. In short, though, it has to do with immediate vs. long-term consequences, the fact that privacy is something people don’t notice until it’s gone, and how salient privacy is when the decision is being made.

What do you think are the most serious legitimate threats to consumer privacy?
Schneier: Marketing. The legal collection, storage, resale, and reuse of personal information. Information brokers are doing more to hurt consumer privacy than anything criminals or the government can do. And, even worse, the government can buy information from them, and criminals can break into their databases.